CVE-2022-20259 An ICCID and EID could leak in Telephony when a permission check is missing. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2022-20259 An ICCID and EID could leak in Telephony when a permission check is missing. This could lead to local information disclosure with no additional execution privileges needed.

This issue has been fixed in the latest version of the mobile operating system. As a result, users do not have to update their software to be protected against this threat. When configuring a new device, it is recommended that the user selects their own EID and ICCID. Doing so will prevent information leakage through rogue devices. It is worth pointing out that the Android ID leak issue has been reported by the Google application. Therefore, users who are using this application on their devices will be protected against this issue.

What is the Android ID leak?

The Android ID leak is a vulnerability that has been found in the Android Operating System. It enables hackers to access information about your device. This includes text messages and phone numbers, which will give them access to your account on the Google Hangouts application.
Hackers can also change your settings and lock you out of your account if they have physical access to your device.

Android Man-in-the-Middle Attack (AMTMA)

– What it means
Android has a vulnerability known as the man-in-the-middle attack (AMTMA). With this vulnerability, an attacker can intercept communication between an Android device and a mobile network. This allows the attacker to gain access to customers’ personal data, including call logs, text messages, and media sharing. This is especially concerning for those who store sensitive information such as credit card numbers.
An AMTMA attack can be prevented by ensuring that your device is always on trusted Wi-Fi networks or networks with a VPN connection. If you do not want your information exposed through this vulnerability, it is recommended that you turn off notifications on your phone. In doing so, you will avoid receiving any updates from malicious applications in the future.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe